Binalyze AIR MCP server

Bridges to the Binalyze AIR digital forensics platform, enabling security teams to query endpoint data, monitor status, and manage investigations through a secure API connection.
Provider: Binalyze
Release date: Apr 16, 2025
Language: TypeScript
Stats: 2.5K downloads, 6 stars

The Binalyze AIR MCP server enables natural language interaction with digital forensics and incident response capabilities, connecting large language models to Binalyze AIR without requiring complex API knowledge or coding.

Installation

Local Development

# Clone the repository
git clone https://github.com/binalyze/air-mcp

# Change to the project directory
cd air-mcp

# Install dependencies
npm install

# Build the project
npm run build

Configuration with Claude Desktop

Add the following to your Claude Desktop configuration file:

{
  "mcpServers": {
    "air-mcp": {
      "command": "npx",
      "args": ["-y", "@binalyze/air-mcp"],
      "env": {
        "AIR_HOST": "your-api-host.com",
        "AIR_API_TOKEN": "your-api-token"
      }
    }
  }
}

Configuration with Cursor

  1. Navigate to Cursor Settings > MCP
  2. Add a new MCP server with:
    {
      "mcpServers": {
        "air-mcp": {
          "command": "npx",
          "args": ["-y", "@binalyze/air-mcp"],
          "env": {
            "AIR_HOST": "your-api-host.com",
            "AIR_API_TOKEN": "your-api-token"
          }
        }
      }
    }
    

Installation with Smithery

One-Line Installation Commands

For Claude:

npx -y @smithery/cli@latest install @binalyze/air-mcp --client claude --key {smithery_key}

For Cursor:

npx -y @smithery/cli@latest install @binalyze/air-mcp --client cursor --key {smithery_key}

For Windsurf:

npx -y @smithery/cli@latest install @binalyze/air-mcp --client windsurf --key {smithery_key}

For VSCode:

npx -y @smithery/cli@latest install @binalyze/air-mcp --client vscode --key {smithery_key}

Usage Examples

Use natural language commands in your MCP client:

Asset Management

  • List all assets in the system
  • Get details about asset with ID "abc123"
  • Get tasks for asset with ID "abc123"

Acquisition Management

  • List all acquisition profiles
  • List all acquisition artifacts
  • Assign an acquisition task to endpoint 123abc using profile "full" for case "C-2022-0001"
  • Assign an image acquisition task to endpoint 123abc for volume /dev/sda1 saving to repository 456def
  • Create an acquisition profile named "My Custom Profile" with windows evidence ["clp"] and linux artifact ["apcl"]

Endpoint Control

  • Reboot endpoint 123abc
  • Shutdown endpoint 123abc
  • Isolate endpoint 123abc
  • Unisolate endpoint 123abc
  • Retrieve logs from endpoint 123abc
  • Update version for endpoint 123abc

Organization and Case Management

  • List all organizations
  • List all cases
  • Create a new case named "Incident Response"
  • Update case with ID "C-2022-0003" to have name "Updated Case"
  • Close case with ID "C-2022-0003"

Forensic Analysis

  • Acquire baseline for case "C-2022-001" from endpoints ["id1", "id2"]
  • Compare baselines for endpoint "id1" with task IDs ["task1", "task2"]
  • Get comparison report for endpoint "id1" and task "task1"

Policy and Rule Management

  • List all policies
  • Create a policy named "Production Policy" with specific storage settings
  • List all triage rules
  • Create triage rule named "My Rule"
  • Validate triage rule syntax

Repository Management

  • List repositories
  • Create SMB repository with name "My SMB Repository"
  • Create SFTP repository with name "My SFTP Repository"
  • Create Azure Storage repository with name "My Azure Storage Repository"
  • Create a new Amazon S3 repository

Asset Tagging

  • Add tags ["tag1", "tag2"] to asset with ID "endpoint-id"
  • Remove tags ["tag1"] from asset with ID "endpoint-id"
  • Create an auto asset tag named "Web Server"
  • List all auto asset tag rules

Report Generation

  • Download PPC file for endpoint "ep-1" and task "task-1"
  • Download task report for endpoint "123" and task "456"
  • Export cases data
  • Export notes for case with ID "case123"

How to install this MCP server

For Claude Code

To add this MCP server to Claude Code, run this command in your terminal:

claude mcp add-json "air-mcp" '{"command":"npx","args":["-y","@binalyze/air-mcp"],"env":{"AIR_HOST":"your-api-host.com","AIR_API_TOKEN":"your-api-token"}}'

See the official Claude Code MCP documentation for more details.

For Cursor

There are two ways to add an MCP server to Cursor. The most common way is to add the server globally in the ~/.cursor/mcp.json file so that it is available in all of your projects.

If you only need the server in a single project, add it to that project's .cursor/mcp.json file instead, creating the file if it does not exist.

Adding an MCP server to Cursor globally

To add a global MCP server, go to Cursor Settings > Tools & Integrations and click "New MCP Server".

Clicking that button opens the ~/.cursor/mcp.json file, where you can add your server like this:

{
    "mcpServers": {
        "air-mcp": {
            "command": "npx",
            "args": [
                "-y",
                "@binalyze/air-mcp"
            ],
            "env": {
                "AIR_HOST": "your-api-host.com",
                "AIR_API_TOKEN": "your-api-token"
            }
        }
    }
}

Adding an MCP server to a project

To add an MCP server to a project you can create a new .cursor/mcp.json file or add it to the existing one. This will look exactly the same as the global MCP server example above.
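
The configurations above keep AIR_API_TOKEN in cleartext in a JSON file (a project-level .cursor/mcp.json sits inside the repository tree) and launch the server with `npx -y @binalyze/air-mcp`, a package spec with no version pin. As an added example, not code from this page or from the Binalyze project, the audit below flags both conditions plus template values that were never replaced; the function names, rule names and sample values are assumptions.

```javascript
// Added example: audit an MCP client config ("mcpServers" JSON as shown on this page).
// Rule names, PLACEHOLDERS and SECRET_KEY are assumptions made for this illustration.
const PLACEHOLDERS = new Set(["your-api-host.com", "your-api-token"]);
const SECRET_KEY = /(TOKEN|SECRET|PASSWORD|API_?KEY)$/i;

// Exact version pinned in an npm package spec, or null when there is none.
// "@scope/name@0.0.0" -> "0.0.0"; "@scope/name" and "name@latest" -> null
function pinnedVersion(spec) {
  const at = spec.lastIndexOf("@");
  if (at <= 0) return null; // no "@", or only the leading scope "@"
  const version = spec.slice(at + 1);
  return /^\d+\.\d+\.\d+(-[\w.]+)?$/.test(version) ? version : null;
}

function auditMcpConfig(jsonText) {
  const findings = [];
  const servers = JSON.parse(jsonText).mcpServers || {};
  for (const [server, entry] of Object.entries(servers)) {
    if (entry.command === "npx") {
      // The first non-flag argument is the package npx fetches and runs.
      const pkg = (entry.args || []).find((a) => !a.startsWith("-"));
      if (pkg && pinnedVersion(pkg) === null) {
        findings.push({ server, rule: "unpinned-package", detail: pkg });
      }
    }
    // placeholder-value: template text never replaced.
    // inline-secret: a cleartext credential that must stay out of version control.
    for (const [key, value] of Object.entries(entry.env || {})) {
      if (PLACEHOLDERS.has(value)) {
        findings.push({ server, rule: "placeholder-value", detail: key });
      } else if (SECRET_KEY.test(key) && value !== "") {
        findings.push({ server, rule: "inline-secret", detail: key });
      }
    }
  }
  return findings;
}

// Constructed sample: host, token and the 0.0.0 version are placeholders.
const ENV = { AIR_HOST: "air.example.internal", AIR_API_TOKEN: "constructed-token" };
const SAMPLE_CONFIG = JSON.stringify({ mcpServers: {
  "air-mcp": { command: "npx", args: ["-y", "@binalyze/air-mcp"], env: ENV },
  "air-mcp-pinned": { command: "npx", args: ["-y", "@binalyze/air-mcp@0.0.0"],
    env: { ...ENV, AIR_API_TOKEN: "your-api-token" } },
}});

for (const f of auditMcpConfig(SAMPLE_CONFIG)) {
  console.log(`${f.server}: ${f.rule} (${f.detail})`);
}
```

To audit a real file, pass its contents as a string to auditMcpConfig.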

How to use the MCP server

Once the server is installed, you might need to head back to Settings > MCP and click the refresh button.

The Cursor agent can then see the tools the added MCP server exposes and will call them when it needs to.

You can also explicitly ask the agent to use the tool by mentioning the tool name and describing what the function does.

For Claude Desktop

To add this MCP server to Claude Desktop:

1. Find your configuration file:

  • macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
  • Windows: %APPDATA%\Claude\claude_desktop_config.json
  • Linux: ~/.config/Claude/claude_desktop_config.json

2. Add this to your configuration file:

{
    "mcpServers": {
        "air-mcp": {
            "command": "npx",
            "args": [
                "-y",
                "@binalyze/air-mcp"
            ],
            "env": {
                "AIR_HOST": "your-api-host.com",
                "AIR_API_TOKEN": "your-api-token"
            }
        }
    }
}

3. Restart Claude Desktop for the changes to take effect
